Strange IndiaStrange India

Recent headlines have shown ChatGPT’s privacy and security measures are… well, pretty bad. 

The issues began when ChatGPT user Chase Whiteside noticed unrecognized logs in his chat history. The initial theory was that these chat entries belonged to other users that ChatGPT somehow posted to the incorrect account, raising concerns that chat logs or other personal information could be leaked due to the ostensible bug. However, OpenAI, the company behind ChatGPT, investigated the issue and discovered someone else had broken into Whiteside’s account, meaning the unexpected logs were from the hacker using ChatGPT with Whiteside’s username and were not the result of a bug leaking other people’s chat histories.

While the results of OpenAI’s investigation show ChatGPT won’t accidentally share your chat logs or personal data with other users, it still highlights a major issue with the service’s account security. Or, more accurately, its lack thereof.

ChatGPT’s nonexistent account security options

Most websites, apps, or services you log into offer security measures meant to keep hackers or bots out of your account. The most common are text- or email-based two-step authentication, or the more robust two-factor authentication (2FA) which uses pre-generated login codes or extra apps to approve logins. They will also send texts, emails, and/or push notifications to your devices whenever you (or someone else) try to log in, alerting you to possible account breaches. 

While 2FA is more effective than two-step authentication at preventing account break-ins, they are both more secure than relying on just a password. Unfortunately, ChatGPT offers neither, which is why someone was able to break into Whiteside’s account even though Whiteside says his password was a nine-character string of “upper- and lower-case letters and special characters.” 

To be fair, Whitefield says his ChatGPT password was also associated with his Microsoft account, which is one of the biggest login security mistakes you can make—if one account is compromised, others using the same login info are also at risk. However, it’s just as possible that the hacker never knew the password and just brute-forced their way into Whiteside’s account. 

Whatever method the hacker used to get into Whiteside’s account, the point is you also need secondary lines of defense against data leaks, phishing attacks, spyware, social engineering, and password-busting software hackers can use to steal logins. That’s why a strong, unique password is just one part of your online security checklist. 

How to keep your ChatGPT account and data safe

While it’s unlikely someone will break into your ChatGPT account, it’s clearly possible. If that’s a deal breaker, the safest option is not to use the AI chatbot at all. Thankfully, ChatGPT is free to use and doesn’t require you to hand over important personal or financial data, so there’s not much incentive to break into someone’s account. Nevertheless, if you’re going to use ChatGPT, you should still make an effort to keep your account safe.

  • Normally, enabling settings like 2FA would be our first recommendation for tuning up your login security, but since ChatGPT doesn’t offer such options, the best you can do for now is to make your username and password as secure as possible. Do not use your Google, Microsoft, or Apple account to log into ChatGPT. It’s convenient, but doing so associates your data from those other services with ChatGPT, and makes it easier for someone to break into those other accounts. Make a new, dedicated ChatGPT account with its own username and password instead that you don’t use anywhere else, and make sure the password is strong. Oh, and it’s wise to change your ChatGPT password regularly, too.

  • To reduce the chance of someone lifting your personal data should they break into your account, don’t include any personal information or sensitive data in your ChatGPT prompts or searches. 

  • Finally, keep an eye on your chat history. If you notice new entries you don’t recognize, be sure to report the issue to OpenAI’s official help email [email protected], and then update your password immediately.

Source link


Leave a Reply

Your email address will not be published. Required fields are marked *